Abstract— Sensor network is a term used to refer to a heterogeneous system combining tiny sensors and 
actuators with general/special-purpose processors. Sensor networks are assumed to grow in size to include 
hundreds or thousands of low-power, low-cost, static or mobile nodes. This system is created by observing 
that for any densely deployed sensor network, high redundancy exists in the information gathered from 
sensor nodes that are close to each other. We have exploited this redundancy and designed schemes to 
secure different kinds of aggregation processing against both inside and outside attacks. 
I. INTRODUCTION 


“Sensor network” is a term used to refer to a 
heterogeneous system combining tiny sensors and 
actuators with general/special-purpose processors. Sensor 
networks are assumed to grow in size to include hundreds 
or thousands of low-power, low-cost, static or mobile 
nodes. 


Sensor networks are useful in a variety of fields, including 
environmental monitoring, military surveillance, and 
information gathering from inhospitable places. They not 
only monitor but also facilitate control of physical 
environments from remote locations. Sensors play 
important roles in various applications: measuring flow, 
temperature, humidity, pressure, brightness, mechanical 
stress, and proximity. Areas such as disaster anticipation, 
environment control, health care, military command 
control benefit greatly from this emerging technology. 


High priorities, leading to the question of to what degree 
the network is secure? So far, most of the research has 
focused on making sensor networks a reality. Security, 
relatively speaking, has not received as much concern 
primarily because of the difficulty of dealing with such 
devices under stringent specifications. Traditionally, 
security relies heavily on cryptographic methods; 
nevertheless, a significant number of problems require 
security specification that is beyond the scope and ability 
of all known cryptographic techniques. 
In this paper, we propose a framework for secure data 
aggregation. This approach is able to detect 
malicious sensors, assign trust values to each sensor, and 
apply cryptographic techniques to achieve security 
principles. 


This paper is organized as follows. Section 2 covers the 
literature survey and different methodologies on wireless 
sensor networks, their nature, applications, and typical 
paradigms. Section 3 contains the two main concepts, 
security in sensor networks and data aggregation 
techniques in sensor networks. Section 4 gives the 
details of the proposed approach to achieving secure data 
aggregation. Section 5 presents the results. Finally, 
conclusions are drawn in Section 6. 


II. RELATED WORK 


Wagner et al., in [2], show a number of examples in 
which simple attacks were able to bring down a network 
running some known routing protocols, for example, 
TinyOS beaconing protocol. This protocol constructs a 
breadth first spanning tree rooted at a base station. A route 
update is initiated at the root and broadcast to the 
neighboring nodes, which, in turn, propagate the same 
update to the other nodes. Each node marks the sender as a 
parent node (Figure 2.1). 
Fig.2.1 A WSN Constructed Using TinyOS 


2.1 Sensor Networks 


Sensor networks rely on sensing, processing and wireless 
communication abilities. Thanks to recent enhancements 
and developments in electronics, sensor networks have 
greater flexibility in terms of the solutions they can offer in 
a wide range of applications. Their extent of application is 
limited only by the availability of the sensing elements that 
can be employed. Some of the sensors used today include 
those that measure temperature, pressure, humidity, flow, 
vibration, brightness, mechanical stress, and proximity. 
Thus, sensor networks are well suited to a variety of 
monitoring and surveillance applications. 


2.2 Sensor Hardware Considerations 


The development of sensor nodes (hardware and software) 
has been greatly influenced by the type of application they 
serve. Generally, sensor nodes must be small, economical, 
energy efficient, equipped with sensing elements, good at 
computation performance, and have suitable wireless 
communication facilities. Figure 2.2 shows the main 
hardware components that build a typical sensor node: 
processor, memory, sensors, communication elements, and 
power supply [5,6,7]. However, it is important to note that 
some applications may require extra hardware 
components, for example, a GPS to locate a node, or 
UAVs to move a node, or a power generator. 





Fig.2.2: Sensor Node Hardware Components (labels recovered from the figure: sensing unit, processing unit) 


2.3 Sensor Node Communication Architecture 
(Protocol Stack) 


Similar to all other communication devices, sensor 
network design complies with the layer design approach, 
in which every layer has to provide well-defined 
functionalities. According to [8], the protocol stack 
consists of the physical layer, data link layer, network 
layer, transport layer, and application layer (Figure 2.3). 


Fig.2.3: Sensor Network Communication Architecture (label recovered from the figure: OSI Model) 


2.4 Challenges: Sensor Capability and Security 


Poor Resources (memory, processor, and power): as can be 
inferred from Table 1 above, sensors are deprived of the 
luxury of having strong resources, similar to all other 
networks, to run security algorithms, which demand a 
certain amount of resources: memory space for the code 
and data, processing power, and energy. Therefore, 
security algorithm code has to be kept small, which may 
involve modification and optimization of traditional 
security functions. 


Unreliable Communication: communication between 
sensors is not reliable, mainly suffering from collisions, 
latency, and the connectionless nature of packet routing. 


The error rate in wireless sensor networks is high by default, 
leading to packet loss and damage. Software developers 
are required to handle errors by incorporating 
mechanisms such as error detection and correction. 


Unattended Operation: in most cases, once sensors are 
deployed, they are left unattended, behind enemy lines in 
some cases. Management, for example, may take place 
remotely. As a result, physical tampering with sensors is 
very likely to happen and detection is extremely difficult. 


III. SECURITY AND DATA AGGREGATION 
IN WSNS 


With the importance of in-network processing, however, 
enforcing security becomes a more challenging task. As a 
matter of fact, data aggregation techniques and security 
protocols face conflicts in their implementation. On one 
side, to eliminate redundancy of data and thereby reduce 
the number of packets transmitted in the network, the data 
aggregation protocols require sensor data to be processed 
by the intermediate nodes as much as possible. Therefore, 
data should be available in clear text at every 
intermediate node to perform the aggregation process. On 
the other side, security protocols commonly require that 
sensor nodes encrypt any data prior to transmission so that 
information confidentiality is achieved. Data aggregation 
cannot be sacrificed. Its high importance in reducing redundancy, 
expanding network lifetime, and enhancing data accuracy 
necessitates its implementation. However, both data 
aggregation and false data injection cause sensor data 
modification, so legitimate data and false data can be confused. 
For those reasons, false data detection, compromised node 
elimination, and data aggregation protocols should be 
designed together so that the sensor network can survive 
and work successfully. 


3.1 Homomorphic Encryption 


Homomorphic encryption was originally introduced by 
Claude et al. [16]. Homomorphic encryption schemes are 
especially useful in scenarios where someone who does 
not have decryption keys needs to perform arithmetic 
operations on a set of ciphertexts. 


3.2 Cryptographic Hash Function 


A cryptographic hash function is a deterministic procedure 
that takes an arbitrary block of data and returns a 
fixed-size bit string, the (cryptographic) hash value, such that an 
accidental or intentional change to the data will change the 
hash value. The data to be encoded is often called the 
"message", and the hash value is sometimes called the 
message digest or simply the digest. 


IV. PROPOSED APPROACH TO ACHIEVE 
SECURE DATA AGGREGATION 


This approach is able to detect malicious sensors, assign 
trust values to each sensor, and apply cryptographic 
techniques to achieve Security Principles. The chapter is 
organized as follows: 


1) System Model and Assumptions: This section 
explains some basic assumptions about the sensor network 
setup. Furthermore, it states the thesis goal from a security 
point of view. 


2) Solution Framework: This part presents a strategy to 
achieve confidentiality, integrity and authentication in data 
aggregation in WSNs. 


3) Performance Analysis: This section evaluates the 
performance of the proposed secure aggregation method. 
Performance evaluation involves simulation results, and 
energy savings. 


4.1 SYSTEM MODEL AND ASSUMPTIONS 


Fig.4.1 Aggregation Network (figure legend: sensor nodes 
perform the sensing task and transmit data with some 
parameters; tree nodes perform a regression function (RF) 
to fit the data to a polynomial curve and transmit 9 
coefficients of the polynomial curve with some parameters) 


4.2 Security Goal and Assumptions 


Consider the scenario of a network of wireless sensors 
deployed in a certain area to perform measurements. 
Because the sensors are assumed to be simple, low in 
power consumption, and short in communication range, 
there exist intermediate nodes with relatively higher 
processing capabilities called aggregators. Upon a query 
from the home server, sensors perform their measurements 
and report to the aggregator, which, in turn, performs 
some processing and eventually sends the result to the 
home server (Figure 4.1). 


THE SECURE DATA AGGREGATION PROTOCOL 
4.2.1 Key Setup 


Initially, cryptographic tools and secret keys are installed 
on all sensors; however, the use of them is avoided until 
misbehavior is detected. 








The following are the notations: 


n is the number of nodes. 

S1, ..., Sn are the regular nodes. 

H is the home server or base station. 

A is the aggregator. 

Xi is the value reported by Si. 

KH,Si is the shared key between sensor i and the 
home server. 

KA,Si is the shared key between the aggregator 
and home server. 

E(K,m) refers to the encryption of message m 
using key K. 

MAC(K,m) is the message authentication code of 
message m with key K. 

Si:m means a sensor Si sends a message m to the 
aggregator A. In a similar manner, A:m and H:m 
are defined. 

Agg is the aggregate result that the aggregator 
node produces. 


KS1,A = MAC(KA, S1) 
    Kenc = MAC(KS1,A, 1) 
    KMAC = MAC(KS1,A, 2) 
KS2,A = MAC(KA, S2) 
KSn,A = MAC(KA, Sn) 





4.2.2 Deriving keys from the master secret key 


If a new node is added to the system, the corresponding 
key is added in the system, to the home server, and to the 
aggregator. However, for security reasons, the aggregator 
key can be changed and disseminated to all the nodes 
when needed. Nodes communicate with the home server 
through the aggregator. In parts of our communication 
protocol, the nodes exchange special information with the 
home server using the home server node keys. Even 
though communication takes place through the aggregator, 
the latter is not able to reveal such information. 
Communication between neighbouring nodes is not part of 
the current set-up, so pair-wise key sharing is not required. 


4.2.3 Communication Messages 


START is the message used by the home server. Initially, the 
home server broadcasts this message to all the sensor 
nodes in the field to indicate that all nodes should start 
their task. 


HELLO is the message broadcast by all the nodes after 
receiving the START message, in order to find their 
neighbours. This message reaches only those nodes 
that are within range of the sending node. 


REPLY is the message sent by a node when it receives a 
HELLO message. This message contains the node ID. After 
receiving the REPLY messages, each node builds its 
neighbour list. Initially a node has an empty neighbour list. 
When a node replies with its ID, the node receiving the 
REPLY message retrieves the ID and makes an entry in its 
neighbour list. 


STATUS is the message sent to the home server either 
directly or via an aggregator. It contains the neighbour list and 
the residual energy of the node. After collecting the neighbour 
information, each node sends a STATUS message to the 
home server. 


ACK is the acknowledgement sent by the home server 
and by those nodes which receive a STATUS 
message. That is, when the home server receives a STATUS 
message directly, it sends back an ACK message. Likewise, when 
a node (aggregator) receives a STATUS message, it also sends 
back an ACK message to acknowledge that the STATUS 
has been successfully received. 


AGG_ADV is the message nodes use to advertise 
themselves as an aggregator. If the home server is within 
the range of the nodes, those nodes can send their 
STATUS to the home server directly. If it is 
not within their range, the nodes need 
aggregators to forward their STATUS up to the home server. 


When a node receives an ACK message, it advertises 
itself as an aggregator by sending an AGG_ADV message. A 
node receiving AGG_ADV sends its STATUS to the 
advertising node. A node can 
receive AGG_ADV messages from many nodes, but it 
sends its STATUS only to the node from which it 
received AGG_ADV earliest. 


4.3 Secure Hierarchical Aggregation 


If the sensor network is too large, which is common, then 
multiple aggregators, usually cooperating, are required to 
handle the entire network. Functions such as AVERAGE, 
MIN, and MAX do support hierarchical aggregation. That 
is, every aggregator performs the aggregation function on 
a subset of the nodes in the sensor network. The results are 
collectively sent to other aggregators for computing the 
same aggregation function again. 


The proposed algorithm has three broad phases: 
a) Setup Phase 
b) Security Phase 
c) Transmission Phase 

4.3.1 Setup Phase 


In this phase, cluster setup, aggregator selection, and the 
aggregator-to-aggregator routing path are established 
using the communication messages. 


4.3.2 Security Phase 


Step 1: When an interesting event occurs, the sensor node 
encrypts the result with homomorphic encryption as shown 
below: 


E(K, m) = (Xi + KH,Si) mod M 


where Xi is the reading of the sensor node, KH,Si is the shared key 
between the home server and the sensor node, and M = number of 
nodes * maximum possible value of reading. 


Step 2: The sensor node calculates the MAC of the given 
message using the shared key between sensor and aggregator. 


4.3.3 Transmission phase 


Every aggregator node informs each one of its child nodes 
when it can transmit, according to the TDMA schedule 
which is broadcast back to the nodes in the cluster. Each 
node, during its allocated transmission time, sends to the 
cluster head quantitative data concerning the sensed 
events. 


Sensors to Aggregator Data Transmission: Data 
aggregation flow starts from the regular nodes and ends at 
the home server. Again, in a trusted environment, sensors 
send simple packets that carry their IDs and readings to the 
aggregator. 


The secret key used here is the one shared between the 
node and the aggregator. The following shows the packet 
that a regular node Si sends to the aggregator: 


Si, E(KSi,H, Xi | NH) | MAC(KSi,A, Si | Xi | NH) 


where Xi is the data reported by node Si, and NH is a random 
number to identify the query and to prevent replay attacks. 
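

The key derivation of Section 4.2.1, the two steps of the security phase, and the sensor-to-aggregator packet above can be traced end to end in the following added example, which is not code from the paper. It assumes HMAC-SHA256 as the MAC, a per-query pad derived from KH,Si and NH, a MAC computed over the ciphertext so that the aggregator can check it without the plaintext, and M = n * max + 1; the function names, keys and sample readings are constructed for illustration.

```python
import hashlib
import hmac

N_NODES = 4          # constructed sample network size
MAX_READING = 100    # constructed upper bound on a reading
# The paper sets M = n * max reading. One is added here (an adjustment made
# for this example) so that n maximal readings do not sum to 0 mod M.
M = N_NODES * MAX_READING + 1


def mac(key: bytes, *fields: bytes) -> bytes:
    """MAC(K, m): HMAC-SHA256 over length-prefixed fields (assumed primitive)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()


def derive_keys(k_a: bytes, sensor_id: bytes):
    """KSi,A = MAC(KA, Si); Kenc = MAC(KSi,A, 1); KMAC = MAC(KSi,A, 2)."""
    k_si_a = mac(k_a, sensor_id)
    return mac(k_si_a, b"\x01"), mac(k_si_a, b"\x02")


def pad(k_h_si: bytes, nonce: bytes) -> int:
    """Additive pad for one query, derived from KH,Si and NH (assumption:
    the paper adds KH,Si itself; a fresh pad per query avoids reusing it)."""
    return int.from_bytes(mac(k_h_si, nonce), "big") % M


def sensor_packet(sensor_id, reading, k_h_si, k_mac, nonce):
    """Build Si, E = (Xi + pad) mod M, MAC(KMAC, Si | E | NH)."""
    c = (reading + pad(k_h_si, nonce)) % M
    return sensor_id, c, mac(k_mac, sensor_id, c.to_bytes(4, "big"), nonce)


def aggregate(packets, k_a: bytes, nonce: bytes):
    """Aggregator: verify each MAC, then add ciphertexts without decrypting.
    Returning the contributing IDs to the home server is an assumption."""
    total, accepted = 0, []
    for sensor_id, c, tag in packets:
        _k_enc, k_mac = derive_keys(k_a, sensor_id)  # Kenc unused: E uses KH,Si
        expected = mac(k_mac, sensor_id, c.to_bytes(4, "big"), nonce)
        if hmac.compare_digest(tag, expected):
            total = (total + c) % M
            accepted.append(sensor_id)
    return total, accepted


def home_server_sum(agg: int, accepted, home_keys, nonce: bytes) -> int:
    """Home server removes the pads of the sensors that contributed."""
    return (agg - sum(pad(home_keys[s], nonce) for s in accepted)) % M


def run_demo():
    """Constructed data: four sensors, one packet altered in transit."""
    k_a, nonce = b"aggregator-master-key", b"query-0001"
    readings = {b"S1": 21, b"S2": 100, b"S3": 37, b"S4": 5}
    home_keys = {s: b"home-key-" + s for s in readings}
    packets = [sensor_packet(s, x, home_keys[s], derive_keys(k_a, s)[1], nonce)
               for s, x in readings.items()]
    sid, c, tag = packets[3]
    packets[3] = (sid, (c + 50) % M, tag)      # tampered ciphertext, stale MAC
    agg, accepted = aggregate(packets, k_a, nonce)
    return home_server_sum(agg, accepted, home_keys, nonce), accepted


if __name__ == "__main__":
    print(run_demo())   # sum of the three authentic readings and their IDs
```

The aggregator never sees a reading in clear text, and a packet replayed under a different NH fails the MAC check because the nonce is part of the MAC input.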


The home server collects all the messages transmitted to it. 
The home server determines the new cluster heads by 
using the data of the received message. More precisely, the 
node having the highest residual energy and maximum 
number of neighbors, in each cluster, is elected to be the 
new aggregator. 


V. RESULTS 


5.1 Energy Consumption 


One contribution in favor of our security scheme is the 
conservation of energy it makes. Cryptography causes 
considerable extra energy consumption, mainly due to 
packet overhead, which consequently leads to a shorter 
network lifetime. The exact amount of energy saved 
depends on the security requirements, encryption and/or 
authentication, and the implemented cryptographic 
primitives, such as RC5, RC6, and DES. 


Table 1 demonstrates the costs of computation and 
communication in terms of energy. Most of the overhead is 
related to the transmission of the extra bytes rather than 
computations. 


Table 1: Energy Costs of Adding Security Protocols 
(columns: Packet Component, Energy Consumption (%)) 


Table 2: Radio Energy Costs 


Security Option                  Energy (mJ)   Increase (%) 
No security                      1.215         - 
Authentication                   1.247         2.6 
Authentication and encryption    1.385         13.99 


Table 2 lists the security options and the corresponding 
energy consumption that is related to packet transmission. 


In conclusion, power efficiency is an important aspect, 
which directly influences network lifetime. By making the 
security choice and looking at the tables above, the 
security designer can estimate the amount of energy to 
spend. 


5.2 Average Energy Dissipation 


Figure 5.1 shows the average energy dissipation of the 
protocol under study over the number of rounds of 
operation. This plot clearly shows that WITHAGG has a 
much more desirable energy expenditure curve than that of 
NOAGG and WITHAGGnSEC. On average, protocol 
WITHAGG exhibits a reduction in energy consumption of 
30 percent compared to the protocol with NOAGG. This is 
because data aggregation reduces the number of message 
transfers. When we employ security, there is a slight increase 
in energy consumption, because more energy is required for 
communication than for processing in a sensor node. 


Fig.5.1: A Comparison of Avg Energy Dissipation of 
Protocol with Aggregation, No Aggregation and both 
Aggregation and Security (axes: Average energy cost of 
each delivered packet (Ws); Number of nodes) 


5.3 System Lifetime 


The improvement gained through the proposed protocol is 
further exemplified by the system lifetime graph in Figure 
5.2. This plot shows the number of nodes that remain alive 
over the number of rounds of activity for the 100 m x 100 
m network scenario. For the protocol with aggregation, 82% 
of the nodes remain alive for 60 rounds, while the 
corresponding number for the protocol with no aggregation 
is 40%. With aggregation, 45% of the nodes are 
alive for 105 rounds, while for the 
protocol with no aggregation no node is alive, i.e. all the 
nodes are dead for the protocol with no aggregation after 105 
rounds. 


VI. CONCLUSION AND FUTURE WORK 
6.1 Conclusion 


Sensor networks promise viable solutions to many 
problems in a variety of fields. Sensing technology today 
is moving relatively fast from research contexts to 
industrial and social contexts, and with increased interest 
in implementing sensor networks, there comes a vital 
concern about data secrecy. 


The motivation behind this research is to relax the conflict 
that applying security on sensor networks tends to 
compromise other important issues. 


First, cryptographic tools cause extra consumption of 
energy. Second, cryptographic functions assume that nodes 
are trustworthy as long as they use the assigned secret 
keys. Third, end-to-end security prevents intermediate 
nodes from modifying message contents. Consequently, 
applying security does not allow data aggregation 
techniques to take place, deprives sensor networks of a 
long lifetime, and does not solve the inside attack problem. 
In spite of all that, security and data aggregation must both 
be implemented because they are vital for the success of 
sensor networks. In this context, this thesis addresses 
security issues in wireless sensor networks, with a strong 
focus on secure data aggregation. A novel mechanism is 
proposed to achieve data aggregation while maintaining 
security requirements and preserving energy, even in the 
presence of Byzantine nodes (inside attacks). 


In the proposed technique, in addition to the aggregator 
performing the regular aggregation function, the sensor 
nodes maintain integrity, authentication and 
confidentiality. 


However, it should be noted that the proposed mechanism 
has some limitations. Firstly, the maximum number of 
Byzantine nodes that this mechanism can simultaneously 
handle must be less than half of the total number of nodes. 
Secondly, it assumes that aggregator nodes are 
trustworthy. Thus, for this mechanism to work efficiently, 
the aggregators must be provided with a higher level of 
security, such as tamper-resistant packaging, and be 
placed in secure locations. Thirdly, a master key is used in 
deriving other keys for all sensors to use. This keying 
technique introduces a shortcoming: if the master key is 
compromised, then the whole network can be 
compromised. 


6.2 Future Work 


Future work is to add the aggregator node to the list 
of non-trustees. In this thesis, the aggregator is regarded as 
a trusted node, which satisfies many sensor network 
applications. However, it is also of interest to determine 
the aggregator’s honesty. For that, another mechanism 
should be added. Chapter 3 introduces some work done in 
this area, detecting a malicious aggregator. For example, 
Deng et al. [50] and Wu et al. [51] propose having 
watchdog-like nodes to monitor the aggregators. These 
techniques can be manipulated so that they integrate with 
my technique. Moreover, an interactive proof technique in 
which the home server ensures that the aggregator is not 
malicious is possible. That is, the home server investigates 
previous readings and assigns trust values to the 
aggregator based on them. 


A second possible approach for extension is to implement 
a multi-tiered security architecture. The proposed scheme 
assumes that cryptography is either on or off. With a 
multi-tiered security design, different levels of security can 
be maintained. Every security level can be triggered in 
accordance with the trust assessment. 


To summarize, security protocols and data aggregation 
techniques seem to introduce conflicts; however, 
integrating them both is essential for the success of a 
sensor network. The results of this thesis provide a good 
starting point for a deeper study of secure data aggregation 
protocols. 